CNIT 127: Exploit Development

Spring 2017 Sam Bowne

Catalog Description

Learn how to find vulnerabilities and exploit them to gain control of target systems, including Linux, Windows, Mac, and Cisco. This class covers how to write tools, not just how to use them; essential skills for advanced penetration testers and software security professionals.

Advisory: CS 110A or equivalent familiarity with programming

Upon successful completion of this course, the student will be
able to:

Read and write basic assembly code routines

Read and write basic C programs

Recognize C constructs in assembly

Find stack overflow vulnerabilities and exploit them

Create local privilege escalation exploits

Understand Linux shellcode and be able to write your own

Understand format string vulnerabilities and exploit them

Understand heap overflows and exploit them

Explain essential Windows features and their weaknesses, including DCOM and DCE-RPC

Textbook

Quizzes

The quizzes are multiple-choice, online, and open-book. However, you may not ask other people to help you during the quizzes. You will need to study the textbook chapter
before the lecture covering it, and take the quiz before that class. Each quiz is available for one week, up till 8:30 am Saturday. Each quiz has 5 questions, you have ten minutes to take it, and you can make two attempts. If you take the quiz twice, the second score is the one that counts, not necessarily the higher score.